Advertisements Currently allow read, write: if request.auth.uid != null && request.auth.token.admin == true Is it okay to do smth like this? allow read, write: if request.auth.token.admin == true >Solution : It’s not necessary as trying to read property token of null (if user is not signed in) will just error out and reject the operation.… Read More Is it necessary to check if auth.uid is not null if it is already checking for token

Advertisements I’ve programmed a web app with TypeScript and I have a problem with Firebase Firestore. I run the following request and it’s disallowed due to a Firestore Security Rule: export async function setNewAppointment(appointment: Appointment) { const user = auth.currentUser; await addDoc(collection(db, “appointments”), { user_id: “blah”, id: appointment.id, title: appointment.title, start_time: Timestamp.fromMillis(appointment.start_time), end_time: Timestamp.fromMillis(appointment.end_time), description:… Read More Firebase Security Rule fails even though the request would be correct

Advertisements I have a Firebase database JSON in a format global_records field1: private_records field_A: field_B And I have rules set as { "rules": { ".read": "auth != null", ".write": "auth != null" } } When I call observeSingleEventOfType to get globar_records I get the error permission_denied. This works when Sign In. How do I only… Read More Firebase database rules for particular field

Advertisements I’m trying to add a rule that automatically merges two users if the user already exist with the same email and just keep one of them with new user newest data. match /users/{userId} { allow create: if request.resource.data.email != null; allow update: if request.resource.data.email != null && request.auth.uid == userId; function isDuplicateEmail() { return… Read More Why my rule in firebase database is not working?

Advertisements I created my Firestore rules match /users/{userId}/{document=**} { allow read, update, delete: if request.auth != null && request.auth.uid == userId; allow create: if request.auth != null && request.auth.uid == userId && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role<6 //&& get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles_array.length <6 } and the line && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role<6 works OK, but the line with array length && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles_array.length <6 doesn’t work… Read More Firestore security rules read array length

Advertisements I applied recently to most of my firestore collections allow read and write only if user is authenticated. however, I am implementing some google cloud functions (scheduled functions and on document creation functions) to do some changes on these collections (create new documents and update some others). I am not sure if the cloud… Read More what firestore security rules are applied on Google Cloud Functions?

Advertisements Sorry I am new to Firebase, I am trying to deploy my app to production for the first time but I am struggling with the security rules. I have a page in my next.js project which pulls data from the firestore (a nested subcollection), like so: useEffect(() => { const getKids = async (user:… Read More Firebase insufficient permissions – what am I doing wrong?

Advertisements I have the following collection group query: const userInRooms = await firestore() .collectionGroup(‘userRooms’) .where(‘uid’, ‘==’, authenticatedUser.uid) .get(); And it works fine. But since I added security rule: match /rooms/{docId} { allow read; allow write; match /userRooms/{docId} { allow read; allow write; } } userRooms is subcollection in rooms. It stopped working and I getting:… Read More Firebase GET request blocked by simple firebase rules

Advertisements I have chat rooms with messages structure like this: messages // collection messages/docId // docId is Id of the room messages/docId/roomMessages // collection messages/docId/roomMessages/docId // actual message message example: { fromUid: "", messageText: "", sentAt: date } match /messages/{docId} { allow read: if isloggedIn(request); allow create: if isloggedIn(request); match /roomMessages/{docId} { allow read: if… Read More How to make firebase rule to prevent write by property size?

Advertisements I am trying to move my images from front-end static react folder to firestore I want those images to follow security rules, how to upload those images in a way that now one can access them unless authenticated ? can I do this manually by adding the to firestore using firebase console then adding… Read More How to add images to firestore storage that follow security rules and cannot be accessed publicly?